Search code examples
javasnmpsnmp4j

Message processing model 3 returned error: Unknown security name


I'm getting Message processing model 3 returned error: Unknown security name error while running get/getNext command for single device. I'm hitting the device every 2 seconds. In order to have better performance, if I want get the different tables. I create thread and access each thread parallely from my application. When I access the device in single threaded mode all request works fine. However when I run it in multi-thread mode I get above error intermittently(2 fails in 10 request). Here is the stack trace.

2014-06-11 11:26:10,371 [http-8080-6] INFO  com.kp.SnmpV3Connection - User Target: Security level is: 3Security Name is: user7
2014-06-11 11:26:10,371 [http-8080-3] INFO  com.kp.SnmpV3Connection - User Target: Security level is: 3Security Name is: user7
2014-06-11 11:26:10,373 [http-8080-6] DEBUG org.snmp4j.security.UsmUserTable - Adding user user7 = UsmUser[secName=user7,authProtocol=1.3.6.1.6.3.10.1.1.3,authPassphrase=kp-pass,privProtocol=1.3.6.1.6.3.10.1.2.4,privPassphrase=kp-pass,localizationEngineID=null]
2014-06-11 11:26:10,373 [http-8080-6] DEBUG org.snmp4j.security.UsmUserTable - Adding user user7 = UsmUser[secName=user7,authProtocol=1.3.6.1.6.3.10.1.1.3,authPassphrase=kp-pass,privProtocol=1.3.6.1.6.3.10.1.2.4,privPassphrase=kp-pass,localizationEngineID=null]
2014-06-11 11:26:10,374 [http-8080-6] DEBUG org.snmp4j.security.USM - Security name not found for engineID=, securityName=75:73:65:72:37
2014-06-11 11:26:10,374 [http-8080-6] DEBUG org.snmp4j.security.USM - Security name not found for engineID=, securityName=75:73:65:72:37
2014-06-11 11:26:10,376 [http-8080-6] ERROR org.snmp4j.util.TableUtils - org.snmp4j.MessageException: Message processing model 3 returned error: Unknown security name
2014-06-11 11:26:10,376 [http-8080-6] ERROR org.snmp4j.util.TableUtils - org.snmp4j.MessageException: Message processing model 3 returned error: Unknown security name

As per the link given here I'm using the below security model:

USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(
                    MPv3.createLocalEngineID()), 0);
SecurityModels.getInstance().addSecurityModel(usm);

The other option noAuthNopriv is not an option for me, I need to run it in authpriv. Could someone point me to the right direction.

I believe its the problem with some snmp session or engineId.

********************** EDIT **********************

After weeks of investigation I finally found that The way I was creating USM object

USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0);

I was creating this object for every request and adding into securitymodel resulting in recreation of UserTable and usertime table. I Fixed the issue by Making USM a singleton and there by preventing the USM table re-creation. However I ended-up with new issue, Now I'm getting error

2014-06-24 07:11:19,671 [DefaultUDPTransportMapping_10.110.113.75/0] DEBUG org.snmp4j.mp.MPv3 - SNMPv3 header decoded: msgId=1263968764, msgMaxSize=65535, msgFlags=03, secModel=3
2014-06-24 07:11:19,671 [DefaultUDPTransportMapping_10.110.113.75/0] DEBUG org.snmp4j.security.USM - getUser(engineID=80:00:05:49:04:4d:49:4d:49:43, securityName=user10)
2014-06-24 07:11:19,671 [DefaultUDPTransportMapping_10.110.113.75/0] DEBUG org.snmp4j.security.UsmTimeTable - CheckTime: received message outside time window (non authoritative)
2014-06-24 07:11:19,671 [DefaultUDPTransportMapping_10.110.113.75/0] DEBUG org.snmp4j.security.USM - RFC3414 ?3.2.7.a Not in time window; engineID='80:00:05:49:04:4d:49:4d:49:43', engineBoots=5, engineTime=58766
2014-06-24 07:11:19,671 [DefaultUDPTransportMapping_10.110.113.75/0] WARN  org.snmp4j.MessageDispatcherImpl - statusInfo=1.3.6.1.6.3.15.1.1.2.0 = 0, status=1411

After somemore investigation I found that snmp4j is not updating enginetime both its own and device engine time in UserTimeTable.


In addition to this problem I've few more queries.

  1. If I make USM a singleton USM table will be have its life per my application. How can clear this table(I may have tens of thousand device which may result eventually to out of memory). On what basis I can clear this users?

  2. How can I make SNMP4J to explicitly ask for engineboots and enginetimes

  3. How SNMP4J differentiates device if it has same user name and security name but different authphrase and privacy phrase and(possibly same engineId as will) Thanks in advance.


Solution

  • When I made USM a singleton and there by have single UsmUserTable, the security model issue was solved.

    USM usm = USMFactory.getInstance();
    

    And received message outside time window was the problem with device I had confiugred. All the device had same engineId. When I made engineId unique the issue was solved.